VirusScan - SVCHOST.EXE Buffer Overflow


Good morning Techs, I am having a very strange issue on a large number of our PCs in our remote location. This remote location is connected to my central office via a Point-to-Point. All servers reside in the central office and so does the Internet Gateway. The reason for the above is that this issue is only happening in our remote location.

The issue is that McAfee VirusScan keeps popping up on users' computers with the following message:

RE: VirusScan - SVCHOST.EXE Buffer Overflow

The quick and easy way is to first of all download the Microsoft Malicious Removal Tool from the MS website (KB890830). Then download the MS patch, KB958644, which prevents Conficker from coming back.

I have a document from McAfee about Conficker, but I can't attach it here, so if you want a copy, PM me and I'll send it across. To be honest though, I didn't read through it, and just did the steps above and the Conficker was removed from our machines.

RE: VirusScan - SVCHOST.EXE Buffer Overflow

1) I would suggest that you apply MS08-067 which is the Microsoft fix for Conficker.

2) With most recent DAT files, run a SCHEDULED On Demand Scan > Reboot > SCHEDULED On Demand Scan

The reason for it being scheduled is because Conficker requires elevated privileges to be removed. A scheduled On Demand Scan uses the "System" account whereas running the scan by right click system tray > On Demand Scan uses the locally logged on user account.

Even if the logged on user is Domain Admin, Conficker can lock out Domain Admin accounts.
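
Since the problem spans many PCs at one site, a patch audit shows which machines still need the KB958644 (MS08-067) update named in the replies above. This is an added example, not part of the original thread. It assumes Windows PowerShell 3.0 or later on an admin workstation with WMI access to the targets; the host names and output file name are constructed placeholders.

```powershell
# Added example: audit hosts for the KB958644 (MS08-067) update.
# Assumptions: WMI/RPC is reachable from this workstation and the account
# running the script has admin rights on the targets.
$hotfixId  = 'KB958644'
$computers = @('REMOTE-PC-01', 'REMOTE-PC-02', 'REMOTE-PC-03')   # constructed sample names

$report = foreach ($computer in $computers) {
    $status      = 'Unknown'
    $installedOn = $null

    if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
        $status = 'Unreachable'
    }
    else {
        try {
            # Pull the whole hotfix list once, then filter locally, so a
            # missing KB is not confused with a failed WMI query.
            $all = Get-HotFix -ComputerName $computer -ErrorAction Stop
            $hit = $all | Where-Object { $_.HotFixID -eq $hotfixId } |
                   Select-Object -First 1
            if ($hit) {
                $status      = 'Installed'
                $installedOn = $hit.InstalledOn
            }
            else {
                # Not listed. A later update that supersedes this KB would
                # also produce this result, so treat it as "needs review".
                $status = 'Missing'
            }
        }
        catch {
            $status = "QueryFailed: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        Computer    = $computer
        HotFix      = $hotfixId
        Status      = $status
        InstalledOn = $installedOn
    }
}

# Show everything, then save the machines that need follow-up.
$report | Sort-Object Status, Computer | Format-Table -AutoSize
$report | Where-Object { $_.Status -ne 'Installed' } |
    Export-Csv -Path .\kb958644-followup.csv -NoTypeInformation
```

Machines reported as `Unreachable` or `QueryFailed` need a manual check, because a host that cannot be queried has not been shown to be patched.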